[SYNCOPE-269] AES encryption key defined in source code - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Critical
Resolution: Fixed
Affects Version/s: 1.0.4, 1.1.0
Fix Version/s: 1.0.5, 1.1.0
Component/s: core
Labels:
- security

Description

Currently, the encryption key is barely and statically defined in source code [1] for 1_0_X, [2] for trunk.

This key must be moved to an external properties file (security.properties, for example).

Nice to have: random generation of this key during 'mvn archetype:generate'.

For 1_0_X: provide default to current key value [1] when not provided in security.properties.

[1] http://svn.apache.org/repos/asf/syncope/branches/1_0_X/core/src/main/java/org/apache/syncope/core/persistence/beans/user/SyncopeUser.java
[2] http://svn.apache.org/repos/asf/syncope/trunk/core/src/main/java/org/apache/syncope/core/util/PasswordEncoder.java

Attachments

Activity

People

Assignee:: Francesco Chicchiriccò

Reporter:: Francesco Chicchiriccò

Votes:: 0 Vote for this issue

Watchers:: 5 Start watching this issue

Dates

Created:: 10/Jan/13 11:08

Updated:: 23/Jan/13 15:51

Resolved:: 11/Jan/13 16:10